Nano Banana Pro

Pass

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a coherent image-generation helper, with expected notes around using a Gemini API key, sending prompts/images to Google, fetching Python dependencies, and writing the requested output file.

This skill looks safe to use for its stated purpose if you are comfortable with Google’s API processing your prompt and any input image. Prefer using the `GEMINI_API_KEY` environment variable instead of pasting keys into chat, review dependency resolution if you need strict reproducibility, and choose new output filenames to avoid overwriting existing files.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill may consume quota or permissions on the Gemini account tied to the API key.

Why it was flagged

The skill needs a Gemini API key to call the image API. This is expected for the stated purpose, but the key controls account quota/access and is not declared in the registry metadata.

Skill content

The script checks for API key in this order:
1. `--api-key` argument (use if user provided key in chat)
2. `GEMINI_API_KEY` environment variable

Recommendation

Prefer setting `GEMINI_API_KEY` in the environment rather than pasting the key in chat or command lines, and use a key with only the access needed for image generation.

What this means

Private prompts or images provided for editing may be processed by Google’s API.

Why it was flagged

For edits, the script sends both the user’s input image and prompt to Google’s Gemini image API. This provider data flow is central to the skill’s purpose and is disclosed.

Skill content

contents = [input_image, args.prompt]
...
response = client.models.generate_content(
    model="gemini-3-pro-image-preview",
    contents=contents,

Recommendation

Use the skill only with images and prompts you are comfortable sending to the Gemini API, and review the provider’s data handling terms if the content is sensitive.

What this means

Dependency behavior could change if newer versions of these packages are resolved in the future.

Why it was flagged

The uv-executed script declares external Python dependencies using lower-bound version constraints rather than pinned versions, so future runs may resolve newer package versions.

Skill content

# dependencies = [
#     "google-genai>=1.0.0",
#     "pillow>=10.0.0",
# ]

Recommendation

If reproducibility matters, pin dependency versions or review the resolved packages before first use.

What this means

A poorly chosen output path could replace an existing file with the generated PNG.

Why it was flagged

The script writes the generated image to the user- or agent-specified filename and creates parent directories as needed. This is expected for an image generator, but it can overwrite an existing file if the chosen path already exists.

Skill content

output_path = Path(args.filename)
output_path.parent.mkdir(parents=True, exist_ok=True)
...
image.save(str(output_path), 'PNG')

Recommendation

Use fresh timestamped filenames as the skill suggests, and avoid pointing `--filename` at important existing files or protected directories.